To accomplish password change on first login, i'd create an additional field on the user's profile, and then when they login - check the field. If it's set, redirect to a change password page. Changing the password changes the value of the field
so the user isn't redirected the next time they login.
As for redirecting the user, you could do it pretty easily by creating a web part that gets added to the home page. Then every time the user hits the home page, the web part code would be run that would redirect them if their profile field is set.
You could do the same thing by adding a custom control to the master page - then the code would run anytime any page is loaded.
If you want to add the code to just the login page and are having issues, you could use reflector or ilspy to find out what's happening in the code behind and adapt your changes to that.